From: guido@trentalancia.com (Guido Trentalancia)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH/RFC 2/19]: patch set to update the git reference policy
Date: Tue, 01 Feb 2011 21:03:30 +0100 [thread overview]
Message-ID: <1296590610.3038.8.camel@tesla.lan> (raw)
In-Reply-To: <4D48132F.7070705@tresys.com>
Hello Christopher !
On Tue, 01/02/2011 at 09.05 -0500, Christopher J. PeBenito wrote:
> On 01/31/11 18:15, Guido Trentalancia wrote:
> > Hello again Christopher !
> >
> > On Mon, 31/01/2011 at 13.52 -0500, Christopher J. PeBenito wrote:
> >> On 1/24/2011 9:24 AM, Dominick Grift wrote:
> >>> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> >>
> >> Please include descriptions on each of your patches. The subject is
> >> definitely insufficient. I guess this is all the dbus changes you
> >> suggest? More
> >
> > The DBus send_msg issue is the probably the main change introduced by
> > the set of patches that I am proposing.
> >
> > The issue is very wide and needs careful approval. It's not limited to
> > this [2/19] patch/thread at all. It is mainly a style issue, but it's an
> > important one.
> >
> > In my reply to [0/19] I have pointed out a few threads where such issue
> > has been discussed more extensively between me and Dominick, because we
> > kept having different point of views and none of us managed to
> > definitely persuade the other !
> >
> > In any case, [2/19] and [8/19] are perhaps the most relevant places
> > where you can provide a definite direction on this (in short, can we
> > really talk about an hypothetical DBus "chat" throughout all refpolicy
> > and model interfaces accordingly to such assumption when on the other
> > hand the elementary data-flow in DBus is constituted by a
> > uni-directional message called "signal" ?).
>
> There already is an established verb for unidirectional dbus messaging:
> send. See unconfined_dbus_send() for an example. If there is
> unidirectional messaging, the policy should reflect that.
Yes, unconfined_dbus_send() can be used in the context of the unconfined
domain.
But then there are many other circumstances where DBus messaging needs
to take place. My original dbus-messaging patch ([2/19]) contains
several examples of where this appears to be needed.
I prefer to grant two distinct and separate uni-directional send_msg
permissions in the two relevant modules anyway (even in the case of
bi-directional messaging).
Therefore, I have always created new *_dbus_send() interfaces even where
*_dbus_chat() interfaces were present (and could in theory be used).
What do you think ?
Regards,
Guido
next prev parent reply other threads:[~2011-02-01 20:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-24 0:43 [refpolicy] [PATCH/RFC 2/19]: patch set to update the git reference policy Guido Trentalancia
2011-01-24 14:24 ` Dominick Grift
2011-01-31 18:52 ` Christopher J. PeBenito
2011-01-31 23:15 ` Guido Trentalancia
[not found] ` <4D48132F.7070705@tresys.com>
2011-02-01 20:03 ` Guido Trentalancia [this message]
[not found] ` <4D48649C.70000@tresys.com>
2011-02-01 20:59 ` Guido Trentalancia
2011-02-03 0:18 ` Martin Orr
2011-02-03 21:43 ` Guido Trentalancia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1296590610.3038.8.camel@tesla.lan \
--to=guido@trentalancia.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.